|
The Web Hacking Incidents Database
Last update:17 February 2008
List of Incidents for a Classification
Please note that classifications are a new feature and not all entries in WHID are already classified, so when you get a certain number of entries for a classification, WHID might have more records matching that classification that we did not classify yet. We hope to complete the classification process soon.
Select classification:
Attack Method, Country, Location, Origin, Outcome, Software, Vertical Select criteria for classification "Country":
?, Australia, Belgium, Brazil, Canada, China, Ecuador, France, Germany, Global, Greece, India, Israel, Italy, Jamaica, Japan, Korea, Libya, Mexico, New Zealand, Peru, Spain, Sweden, Thailand, Turkey, UK, United Nations, USA
List of incidents for which Country is India
4 incidents listed
Reported: 17 February 2008Occurred: 09 November 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Planting of Malware
- Vertical: Media
The web site of a leading Indian newspaper is swamped with malware. A recent survey by WebSense cites by the Register found that of the sites hosing malware, 51% where legitimate sites that have been broken into. This is a major shift in the threat landscape, since keeping to web sites that you know is no longer a good protection strategy. Anecdotally undermining WebSense own web site classification technology as a security solution.
References:
Reported: 01 January 2008Occurred: 07 November 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Defacement
- Vertical: Service Providers
Yet another defacement, but this time at a very major telecommunication provider in India. These are the guys in charge of our network after all!
References:
Reported: 03 September 2007Occurred: 02 September 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Planting of Malware
- Vertical: Finance
This very serious hacking incident provides insight into a lot
of the failures information security in general and web application
security particularly beyond the simple fact that the web site of the
largest state owned bank in India was invisibly defaced with Trojan
inflicting code.
Firstly, the entire discussion in the references is about the
Trojan payload, with no word about the vulnerability that led to the
defacement. Actually a reviewer on the SiteAdvisor report gives the
green mark to the web site after the Trojan is removed, without
requiring any information about the actual problem.
Secondly, most trust systems, including SiteAdvisor,
completely fail to detect the breach. Which makes me think about those
trust models: they check that the site was not breached, while they
should check that the site is not vulnerable. I guess the reason is
that their primary goal is to detect intentionally malicious sites and
not breaches is normative sites, but others use them to assess the
level of security of the later.
References:
Reported: 12 June 2007Occurred: 10 June 2007
Classifications:
- Attack Method: Unknown
- Country: India
- Outcome: Defacement
- Vertical: Government
The web site of the chief minister of Kerala (an Indian State) was hacked and defaced. The local police has contacted the Interpol to help in finding who is behind the web site hacking.
References:
This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
|
